Identifying Appropriate Biometrics

As the prior discussion has identified, various biometric techniques could theoretically be applied to mobile handsets. However, from a practical perspective there are a number of issues to consider. As previously discussed there are issues of usability and cost associated with the selection of a biometric technique. For example, the application of iris scanning in a mobile environment is certainly more problematic if someone considers the sensitivity of the technique and the positional requirements that it imposes, rather than (for example) applying facial recognition as the detail required is far less extensive than the former. Furthermore iris imposes more extensive hardware requirements, as a far more sensitive camera sensor would be required. Even though any biometric will be affected by the environmental/external conditions caused by the use of a mobile, certain techniques can be considered to be more tolerant.

Table 2-2 illustrates a number of biometrics that have the potential to be utilised in a handset, as well as a number of parameters that are considered important for their application. The first factor is the hardware requirements and the potential cost implication of the technique. The additional integration of specialised biometric hardware would aggravate the already high cost of the mobile handset (e.g.

AuthenTec a company that develops fingerprint sensors, needed to reduce prices from $3 to $1 to facilitate large-scale deployment (Blau, 2007)). The second factor - accuracy, representing the performance of each technique - has been attributed based on results announced by the International Biometric Group (IBG, 2005) and

47

National Physical Laboratory (Mansfield et al., 2001). The non-intrusiveness factor refers to the ability of a technique to acquire the necessary samples without requiring any explicit interaction from the user. This provides the capability of authenticating the user at various times, without adding inconvenience to their regular use of the device.

Iris scanning  Very high 

Keystroke

analysis  Medium 

Service utilization  Low 

Voice verification  High 

Gait verification  Unknown 

Table 2-2: Potential biometric techniques for mobile devices

From the table it can be seen that the techniques that share the highest accuracy are at the same time more intrusive to the user. As such there will always be a trade-off and a balance to be sought towards satisfying both sides. Nevertheless, there are a number of techniques that can operate transparently without further hardware requirements by utilising the standard built-in hardware and use the users’ normal activity. These are:

48

• Voice Verification: Capture voice samples during a voice call.

• Face Recognition: Utilise the front camera of the handset during a video conference call or capture snapshots during other interactions when the user will be expected to be looking at the screen.

• Signature (handwriting) Recognition: Capture samples while a user utilises an editor in order for example to keep notes.

• Keystroke analysis: Capture samples while a user is typing text messages or writing a document.

• Service Utilization: Monitor the interaction of the user with the device based on application use, frequency and timing of use, etc.

Each of these techniques could be potentially used to acquire the authentication samples necessary, without disturbing the user and constitute a monitoring mechanism that can maintain trust in the user’s identity continuously throughout the usage of the device.

2.3.6.1 Biometric Fusion

Plenty of research to date has looked in the use of multiple biometric inputs in order to strengthen the decision making process. This approach is generally referred to as biometric fusion and it is believed to offer an improved performance in a biometric system that has the ability to incorporate a number of inputs (Ben-Yacoub et al, 1999; Brunelli & Falavigna, 1995; Bigun et al, 1997; Hong & Jain, A.K; Jain et al, 1999).

49

The concept of fusion techniques is the use of more than one input and the combination of those to create an output. The inputs could be representing the use of more than one sample from the same biometric – multi-instance/multi-sample fusion or the use of samples from different techniques – multi-modal fusion. Other approaches like multi-sensor- the use of different acquisition sensors, multi-algorithm – the use of different algorithms for feature extraction and/or matching, are also options (Ross, 2007). Depending on the application and resources available, the use of fusion in an authentication system could provide a more informed decision related to user’s identity as it may utilise multiple samples of the same feature or utilise a combination of biometric traits for the system to reach its conclusion. By using multiple traits several challenges are addressed such as spoofing attempts are minimised since it would require the simultaneous forgery of more than one biometric, non-universality is addressed by covering a broader spectrum, noisy data that may characterise specific acquired samples and generally offers a more tolerant error approach (Ross, 2007).

It can be foreseen that the performance of the system regarding both security and usability would so much depend upon the quality of the samples as well as the algorithm used in each biometric, but furthermore to the actual fusion decision algorithm to enable a balance between security and usability. When for example utilising fusion of different biometric techniques that ones have higher performance than others and giving to that techniques a considerable higher weight to the decision it may almost diminish any fusion in essence whilst overlooking the rest of the characteristics. If on the other hand the same weighting is applied across all

50

inputs that may be on the loss of either security or usability as it would not be taking into account the high FAR that may occur in one case or the good performance if there was more reliance on the better techniques on the other. Similarly when utilising samples of the same technique a similar consideration may exist relevant to using different algorithms of the same technique with different robustness or for example have a reliance on the quality of a sample so less quality samples do not get the same contribution to the decision.

Further to its algorithmic consideration, biometric fusion also poses the consideration for technical compatibility. Its application in a deployable system presupposes the need for a common interface for the use and integration of different techniques. This issue is resolved by standardisation of biometric products and algorithms with standards like BioAPI being more widely used.

Biometric fusion can be applied on several levels of the biometric process: at feature level, at matching level or at decision level (Ross, 2001). Figure 2.13 illustrates the operation of fusion depicting all 3 stages that it can occur.

51

Figure 2.13: Stages for biometric fusion (Adapted from Ross et al (2001)